Remarks 

The above Amendments and these Remarks are in reply to the Final Office Action mailed 
on December 20, 2005, and is being filed concurrently with a REQUEST FOR CONTINUED 
EXAMINATION UNDER 37 C.F.R. §1.114. 

I. Summary of Examiner's Rejections 

Prior to the Office Action mailed on December 20, 2005, Claims 57, 58, 63, 64, 72, 73, 81 , 
82 and 90-95 were pending in the Application. In the Office Action, Claims 57, 63, 72, 81 , 90, 92 and 
94 were rejected under 35 U.S.C. 103(a) as being unpatentable over Luckenbaugh (U.S. Patent No. 
5,991 ,877) in view of Arnold et al (U.S. Patent No. 6,466,947, hereinafter Arnold). Claims 58, 64, 73 
and 82 were rejected under 103(a) as being unpatentable over the modified Luckenbaugh and 
Arnold system. Claims 91 , 93 and 95 were rejected under 35 U .S.C. 1 03(a) as being unpatentable 
over the modified Luckenbaugh and Arnold system and further in view of Balassanian (U.S. Patent 
No. 6,324,685). Claims 57-58, 63-64, 72-73 and 81-82 were rejected on the ground of nonstatutory 
obviousness-type double patenting as being unpatentable over Claims 1 , 26 and 28 of U.S. Patent 
No. 6,941 ,472. Claims 90-95 were rejected on the ground of nonstatutory obviousness-type double 
patenting as being unpatentable over Claims 1 , 26 and 28 of U.S. Patent No. 6,941 ,472 in view of 
Luckenbaugh and Balassanian. 

II. Summary of Applicant's Amendment 

Applicant does not agree with the above rejections for at least the reasons presented in the 
Response mailed on November 21 , 2005. However, for the purpose of expediting prosecution of 
this application, Applicant herein presents some amendments that will further highlight the 
distinctions between claimed embodiments of the present invention and the cited references. 
Applicant reserves the right to pursue any earlier presented claims in a currently pending or 
continuation application, without prejudice to or disclaimer of the earlier presented claims. 

The present Response amends Claims 57, 63, 72, 81, 91, 93 and 95, leaving for the 
Examiner's present consideration Claims 57, 58, 63, 64, 72, 73, 81 , 82 and 90-95. Reconsideration 
of the Application and of the claims is respectfully requested. 

III. Rejections Under 35 U.S.C.S 103(a) 

In the Office Action mailed December 20, 2005, Claims 57, 63, 72, 81 , 90, 92 and 94 were 
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rejected under 35 U.S.C. 1 03(a) as being allegedly unpatentable over Luckenbaugh (U.S. Patent No. 
5,991 ,877) in view of Arnold et al (U.S. Patent No. 6,466,947, hereinafter Arnold). Claims 58, 64, 73 
and 82 were rejected under 1 03(a) as being allegedly unpatentable over the modified Luckenbaugh 
and Arnold system. Claims 91 , 93 and 95 were rejected under 35 U.S.C. 1 03(a) as being allegedly 
unpatentable over the modified Luckenbaugh and Arnold system and further in view of Balassanian 
(U.S. Patent No. 6,324,685). 

Claim 57 

Claim 57 has been amended to more clearly define the embodiment therein. As amended, 
Claim 57 now defines: 

57. (Currently Amended) A system for maintaining security in a distributed 
computing environment, comprising: 

a policy manager located on a server for creating a local security policy and 
for distributing the local security policy to a client wherein the local security policy 
includes a plurality of rules customized to the client; and 

an application guard located at the client for managing access to securable 
components at a client level as specified by the local security policy, the securable 
components including at least one application; 

wherein the policy manager receives a global security policy that includes a 
plurality of rules for regulating access to securable components within the system 
and wherein the policy manager customizes the local security policy by selecting a 
subset of rules from the global security policy that is applicable to the application 
guard and distributes the subset to the application guard. 



As amended, Claim 57 defines a policy manager that receives a global security policy 
including a plurality of rules for regulating access to securable components within the system. The 
policy manager then customizes a local security policy for the client by selecting a subset of rules 
from the global security policy, that is applicable to the application guard located on the client and 
distributes the customized local security policy to the client to be enforced thereon. Applicant 
respectfully submits that Luckenbaugh in combination with Arnold fail to render obvious these 
features of Claim 57. 

In the Office Action it was proposed that "at the time of the invention it would have been 
obvious to a person of ordinary skill in the art to use Arnold's policy distribution and enforcement in 
the Luckenbaugh system." Applicant respectfully disagrees. Luckenbaugh explicitly teaches away 
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from using local enforcement and distribution functionality. For example, Luckenbaugh teaches that 
"security policies are preferably enforced by the server. In contrast, a client processor is not 
necessarily trusted..." (Col. 6, lines 26-30). As such, since Luckenbaugh teaches away from local 
policy enforcement and distribution, it would not have been obvious to a person of ordinary skill in 
the art to combine its teachings with the teachings in Arnold. Accordingly, Luckenbaugh and Arnold 
in combination fail to render obvious the features of Claim 57. 

Furthermore, even if Luckenbaugh and Arnold could be combined, they would still fail to 
render obvious the features defined in Claim 57. For example, Luckenbaugh in combination with 
Arnold still fail to teach a policy manager that receives a global security policy including a plurality 
of rules for regulating access to securable components and wherein the policy manager customizes 
the local security policy by selecting a subset of rules from the global policy that is applicable to the 
application guard and distributes the subset to the application guard, as defined in Claim 57. 

Firstly, Luckenbaugh and Arnold fail to disclose customizing a security policy local to the 
client by selecting a subset of the global policy's rules that apply to the application guard, as defined 
in Claim 57. For example, both Luckenbaugh and Arnold fail to disclose any global security policy. 
Furthermore, the references fail to teach customizing a local policy from the global policy. Instead, 
Luckenbaugh teaches that a custom policy manager can be developed by writing code during the 
development of a trusted application (Luckenbaugh col. 12, lines 30-33). This is different from 
deriving a customized local security policy from a global policy by selecting a subset of its rules that 
apply to the application guard, as defined in Claim 57. Some advantages of this feature include that 
no code needs to be written by the developer, and that each client receives a security policy 
customized to the application guard. 

Secondly, it was admitted in the Office Action mailed December 20, 2005 that Luckenbaugh 
fails to disclose distributing the policy to clients where the policy is enforced. It was proposed, 
however, that Arnold teaches distributing a policy to clients where the policy is enforced. Applicant 
respectfully disagrees. Arnold appears to teach that a machine first determines if a verification is 
requested and if so, it requests a policy object from a server. When it receives the policy object, that 
object appears to include a reference to the code for use in verification (Arnold, col. 9, lines 45-51). 
This is different from the policy manager located on the server creating a customized local policy 



-8- 

Attorney Docket No.: BEAS-01453US1 
JGeringson/BEAS/1453/usl/RCE Resp to 12-20-05 OA.wpd 



and then distributing that local policy to each client, as defined in Claim 57. Rather than the client 
requesting a policy object from the server upon each verification request, as apparently taught in 
Arnold, the advantages of Claim 57 allow clients to be automatically provided with a set of rules 
which they can use to enforce security locally without further requests to the server. A further 
advantage is the enablement of central security management at the server/policy manager level for 
all clients. 

In view of the above comments, Applicant respectfully submits that Claim 57, as amended, 
is neither anticipated by, nor obvious in view of the cited references, and reconsideration thereof is 
respectfully requested. 

Claims 63, 72 and 81 

Claims 63, 72 and 81 have been amended similarly to Claim 57 to more clearly define the 
embodiments therein. Applicant respectfully submits that Claims 63, 72 and 81 as amended, are 
likewise neither anticipated by, nor obvious in view of the cited references, and reconsideration 
thereof is respectfully requested. 

Claims 58, 64, 73, 82 and 90-95 

Claims 58, 64, 73, 82 and 90-95 are not addressed separately, but it is respectfully 
submitted that these claims are allowable as depending from an allowable independent claim, and 
further in view of the comments provided above. Applicant respectfully submits that Claims 58, 64, 
73, 82 and 90-95 are similarly neither anticipated by, nor obvious in view of the cited references, and 
reconsideration thereof is respectfully requested. 

It is also submitted that these claims also add their own limitations which render them 
patentable in their own right. Applicant respectfully reserves the right to argue these limitations 
should it become necessary in the future. 

IV. Double Patenting 

In the Office Action mailed December 20, 2005, Claims 57-58, 63-64, 72-73 and 81 -82 were 
rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable 
over Claims 1 , 26 and 28 of U .S. Patent No. 6,94 1 ,472. Claims 90-95 were rejected on the ground 
of nonstatutory obviousness-type double patenting as being unpatentable over Claims 1 , 26 and 28 
of U.S. Patent No. 6,941,472 in view of Luckenbaugh and Balassanian. 
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The present Response amends independent Claims 57, 63, 72 and 81. Applicant 
respectfully submits that as amended, these claims are patentably distinct from Claims 1 , 26 and 
28 of U.S. Patent No. 6,941 ,472. Claims 58, 64, 73, 82 and 90-95 depend from Claims 57, 63, 72 
and 81 and as such they are patentably distinct for at least the same reasons as their respective 
independent claim. Accordingly, reconsideration thereof is respectfully requested. 

V. Conclusion 

In light of the above amendments and remarks, it is respectfully submitted that all of the 
claims now pending in the subject patent application should be allowable, and reconsideration 
thereof is requested. The Examiner is respectfully requested to telephone the undersigned before 
an advisory action is issued in order to avoid any unnecessary filing of an appeal. 

The Commissioner is authorized to charge any underpayment or credit any overpayment 
to Deposit Account No. 06-1 325 for any matter in connection with this response, including any fee 
for extension of time, which may be required. 



Respectfully submitted, 





FLIESLER MEYER LLP 
Four Embarcadero Center, Fourth Floor 
San Francisco, California 94111-4156 
Telephone: (415) 362-3800 
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